|
|
It’s incomprehensible to give a speech about threats in cyberspace and not mention Russia.
— Cybersecurity expert James Lewis
|
|
Welcome back to Snippets 👋 Here's what's been happening at the intersection of privacy and tech:
- The Trump administration has reversed its stance on Russian cyber threats, omitting the long-time adversary in several key cyber briefings and forums.
- Privacy regulators at the state and federal level are struggling to keep pace with enforcement.
- US tech giants are arguing the EU AI Act creates an undue compliance burden that could affect EU product offerings.
- And so much more!
|
|
|
|
|
US reverses stance on Russian cyber threats
|
 |
|
UPI, Kremlin, Zuma/Rex/Shutterstock
|
In a radical departure from longstanding US intelligence assessments, it appears the Trump administration is no longer characterizing Russia as a cyber threat—a move experts warn could make the US more vulnerable to cyberattacks.
|
- In a UN cybersecurity meeting, Liesyl Franz, the state department’s assistant secretary for international cybersecurity, named China and Iran as cyber threats, conspicuously omitting Russia and its LockBit ransomware group.
- Additionally, an internal memo circulated within the Cybersecurity and Infrastructure Security Agency removed Russia from its list of priorities and instructed analysts to stop tracking Russian threats.
- While the shift aligns with President Trump's efforts to build ties with Russian President Vladimir Putin, one expert called the US "delusional" for thinking the President's personal views would turn Russia into an ally.
- Speaking anonymously, a person familiar with the matter noted, "With all the cuts being made to different agencies, a lot of cybersecurity personnel have been fired. [...] People are saying Russia is winning. Putin is on the inside now."
|
|
|
|
|
|
|
Join Transcend at IAPP Global Privacy Summit 2025 🎪
|
|
IAPP's Global Privacy Summit is coming up quick, and Transcend is excited to once again be exhibiting as the Title Sponsor for privacy’s biggest event of the year!
From expert panels to live demos, we'll be on the floor showcasing how Transcend is transforming privacy challenges into business value with industry-leading automation.
We’ll also be offering professional headshots at the Transcend Lounge, giving away brand new swag at Booth #5, and hosting the 'Wicked' LGBTQ+ afterparty.
|
|
|
|
|
|
|
|
Privacy regulators struggling to keep up
|
 |
|
|
With heightened consumer awareness and legal precedents set by landmark enforcement actions, privacy regulators are facing increasing pressure to act. While some states are making substantial investments to address these challenges, agencies like the FTC are struggling to keep pace.
|
- Texas, which has emerged as a major privacy enforcer, dedicated over $5 million of its 2024 budget to funding an enforcement unit, multiple investigations into data brokers, and the state’s $1.4 billion settlement with Meta.
- By contrast, Maryland’s Attorney General warned that the state is "slipping behind”—advocating for a new tax on data brokers to fund enforcement efforts and the hiring of key personnel.
- The FTC, historically a strong privacy enforcer, faces an uncertain future as the Trump administration pushes for workforce cuts and a return-to-office mandate, both of which could significantly impede the agency’s enforcement capabilities.
|
|
|
|
|
|
|
|
US companies argue the EU AI Act creates an undue compliance burden
|
 |
|
Jonathan Raa/NurPhoto via Getty Images
|
70 publicly traded US companies, including Meta, Adobe, Airbnb, Gartner, and Mastercard, warned in a joint filing that the EU AI Act's compliance requirements may force them to alter their product offerings in the EU.
|
- In their 10-K filings with the US Securities and Exchange Commission, the companies cited civil claims and hefty fines for data breaches as key risk factors.
- The companies also highlighted the high costs and difficulties of hiring more staff, consulting external advisers, and being restricted in their ability to procure and use AI tools for commercial purposes.
- The law’s ambiguous categorization of "high-risk" AI systems could also force companies to navigate enforcement discrepancies between member states.
|
|
|
|
|
|
|
|
- Apple takes legal action against UK encryption demand.
- FTC initiates refunds claim for Avast customers.
- UK opens probe into TikTok, Reddit, and Imgur over child privacy.
- Microsoft announces Dragon Copilot, an AI healthcare assistant.
- Oppo turns to Google to improve user privacy.
|
|
|
|
|
|
Melania Trump endorses TAKE IT DOWN ACT as bill gains traction
|
 |
|
Kayla Bartkowski/Getty Images
|
At a roundtable in Capitol Hill on Monday, First Lady Melania Trump endorsed the TAKE IT DOWN Act, a bipartisan bill aimed at countering the non-consensual dissemination of sexual images, including AI-generated deepfakes.
|
- The bill would require social media platforms to remove Child Sexual Abuse Material (CSAM) and intimate media within 48 hours of being notified by a victim.
- Offenders posting such content could face prison time, while social platforms that don’t comply with victim requests could face penalties from the Federal Trade Commission (FTC).
- The bill, which passed the Senate last month with unanimous support, is due for an educational hearing—with House leaders on both sides considering it a high priority.
|
|
|
|
|
|
|
|
Finnish startup Jolla launches privacy-focused AI assistant
|
 |
|
Natasha Lomas/TechCrunch
|
Jolla, the Finnish privacy and AI solutions provider, has unveiled an AI assistant that’s positioned as a "fully private" alternative to data-intensive cloud AI providers.
|
- The assistant can be integrated with email, calendar, and social accounts, as well as perform actions on users’ behalf, including booking meetings and searching the web.
- A local vector database connects user information from various accounts, but to bolster security, the data is processed and stored on-device rather than on the cloud.
- Complex operations, such as summarizing large documents, may require access to a third-party cloud or LLM provider, but users can control when and how such external services are used.
|
|
|
|
|
|
|
Understand the latest US state privacy laws in seconds ✅
|
|
Nineteen US states have enacted comprehensive data privacy laws, imposing new obligations on companies that collect, process, or store consumer data, while also granting new data rights to state residents.
Stay up-to-date with the latest using the Transcend US State Privacy Law Tracker—a skimmable, searchable spreadsheet that breaks down the key differences across all 19 state privacy laws.
|
|
|
|
|
|
|
|
|
Snippets is delivered to your inbox every Thursday morning by Transcend. We're the platform that helps companies put privacy on autopilot by making it easy to encode privacy across an entire tech stack. Learn more.
|
|
|
|
You received this email because you subscribed to Snippets. Did someone forward this email to you? Head over to Transcend to get your very own free subscription! Curated in San Francisco by Transcend.
|
|
|
|
|
|
